<?php
require_once ("config.inc.php");
require_once ("utils.inc.php");
/**
 * Send the status line that belongs to $code, print $msg and end the script.
 *
 * Status lines exist only for 200, 403 and 500. For any other code no status
 * header is sent, but the message is still printed and the script still stops.
 *
 * @param int    $code HTTP status code of the response.
 * @param string $msg  Text written as the response body.
 */
function APIDie($code, $msg) {
	// Loose comparison on purpose: it mirrors how a switch statement compares.
	if ($code == 200) {
		$statusLine = "HTTP/1.1 200 OK";
	} elseif ($code == 403) {
		$statusLine = "HTTP/1.1 403 Forbidden";
	} elseif ($code == 500) {
		$statusLine = 'HTTP/1.1 500 Internal Server Error';
	} else {
		$statusLine = null;
	}
	if ($statusLine !== null) {
		header ( $statusLine );
	}
	// die() prints the message and terminates; callers never get control back.
	die ( $msg );
}
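/**
 * Return the lower-cased file extension of a URL's path component.
 *
 * The result is matched against an extension allow-list by the caller, so it
 * has to describe the real file name. The extension is therefore taken from
 * the last path segment (text after its final dot), not from the first dot
 * anywhere in the path: "/a.jpg/b.php" yields "php", not "jpg/b".
 *
 * @param mixed $url URL as received from the request.
 * @return string Extension without the dot, or '' when the URL is not a
 *                string, cannot be parsed, has no path or has no extension.
 */
function getExt($url) {
	// Request parameters can arrive as arrays; those are never a valid URL.
	if (! is_string ( $url )) {
		return '';
	}
	$parts = parse_url ( $url );
	// parse_url() returns false on badly malformed input and omits 'path' for bare hosts.
	if (! is_array ( $parts ) || ! isset ( $parts ['path'] )) {
		return '';
	}
	// The query string is not part of 'path', so "?x=.php" cannot influence the result.
	return strtolower ( pathinfo ( $parts ['path'], PATHINFO_EXTENSION ) );
}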
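/**
 * Register an image in the `imglist` table, store its bytes under upload/
 * and finish the request with the public URL of the image.
 *
 * The function never returns: every path ends in APIDie().
 *
 * Both call sites in this file pass an extension that has already been matched
 * against the extension allow-list. The value is escaped here anyway so that
 * the query stays safe if another caller is added later.
 *
 * @param string      $fext     File extension stored with the record and used in the returned URL.
 * @param bool        $movefile true: take the bytes from the uploaded file $_FILES["image"];
 *                              false: write $data instead.
 * @param string|null $data     Image bytes, used only when $movefile is false.
 */
function APIUpload($fext, $movefile = true, $data = NULL) {
	$con = mysql_connect ( MySQLHost, MySQLUser, MySQLPass );
	if (! $con) {
		// Driver messages can name hosts and accounts; keep them in the server log, not in the response.
		error_log ( 'APIUpload: could not connect: ' . mysql_error () );
		APIDie ( 500, 'Could not connect' );
	}
	if (! mysql_select_db ( MySQLDB, $con )) {
		error_log ( 'APIUpload: could not select database: ' . mysql_error ( $con ) );
		APIDie ( 500, 'SQL Failed' );
	}

	// NOTE(review): getIpAddress() is defined outside this file. If it reads
	// client-supplied headers, its result is attacker-controlled - confirm.
	// Either way the value is escaped before it is placed in the statement.
	$ip = getIpAddress ();
	$safeExt = mysql_real_escape_string ( ( string ) $fext, $con );
	$safeIp = mysql_real_escape_string ( ( string ) $ip, $con );

	$sql = 'INSERT INTO `imglist` ('
		. ' `imgid` , `ext` , `uploadip` , `uploaddate` , `lastdate` , `clicks` , `exp` , `bw`'
		. ' )'
		. ' VALUES ('
		. ' NULL , \'' . $safeExt . '\', \'' . $safeIp . '\', NOW( ) , NOW( ) , \'0\', NOW( ) , \'0\''
		. ' );';
	if (! mysql_query ( $sql, $con )) {
		error_log ( 'APIUpload: insert failed: ' . mysql_error ( $con ) );
		APIDie ( 500, 'SQL Failed' );
	}

	// The public id is derived from the auto-increment key of the new row.
	$imageId = encodeID ( mysql_insert_id ( $con ) );
	$storename = "upload/" . $imageId . ".bin";
	// Remove a stale file left under the same name before writing the new one.
	if (file_exists ( $storename )) {
		unlink ( $storename );
	}

	if ($movefile) {
		// move_uploaded_file() refuses paths that PHP did not create for this request's upload.
		$stored = move_uploaded_file ( $_FILES ["image"] ["tmp_name"], $storename );
	} else {
		// file_put_contents() returns false on failure; report it instead of returning a dead URL.
		$stored = (file_put_contents ( $storename, $data ) !== false);
	}
	if (! $stored) {
		APIDie ( 500, 'Failed to store uploaded file.' );
	}
	APIDie ( 200, URLBase . 'd' . $imageId . '.' . $fext );
}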

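header ( "Content-Type: text/plain; charset=utf-8" );
// Some error bodies echo the requested URL; keep browsers from sniffing the response as HTML.
header ( "X-Content-Type-Options: nosniff" );

// --- Authentication -------------------------------------------------------
// Unless the installation is configured as "public", the caller must present
// the shared key. Comparisons are strict so that PHP's type juggling cannot
// make two different values compare equal, and a non-string parameter
// (apikey[]=...) is treated as a missing key.
if (APIKEY !== "public") {
	$suppliedKey = null;
	if (isset ( $_REQUEST ["apikey"] ) && is_string ( $_REQUEST ["apikey"] )) {
		$suppliedKey = $_REQUEST ["apikey"];
	}
	$expectedKey = ( string ) APIKEY;
	if ($suppliedKey === null) {
		$keyOk = false;
	} elseif (function_exists ( 'hash_equals' )) {
		// Constant-time comparison where the runtime provides it.
		$keyOk = hash_equals ( $expectedKey, $suppliedKey );
	} else {
		$keyOk = ($suppliedKey === $expectedKey);
	}
	if (! $keyOk) {
		APIDie ( 403, "Invalid API Call" );
	}
}

// --- Mode selection -------------------------------------------------------
$remoteMode = isset ( $_REQUEST ["remote"] );
if ($remoteMode && APIREMOTE !== "allowed") {
	APIDie ( 403, "Remote Download Not Allowed" );
}

// Extension allow-list shared by both modes.
$fileTypes = array (
		'jpg',
		'jpeg',
		'gif',
		'png'
);

// --- Remote mode: the server downloads the image itself --------------------
if ($remoteMode) {
	if (! isset ( $_REQUEST ['url'] ) || ! is_string ( $_REQUEST ['url'] )) {
		APIDie ( 403, "Unknown URL" );
	}
	$url = $_REQUEST ['url'];

	// file_get_contents() accepts every stream wrapper PHP has enabled as well as
	// plain local paths, so the scheme is restricted to http/https before any fetch.
	// NOTE(review): the host is not restricted here, so addresses that are only
	// reachable from this server can still be requested; consider a host policy.
	$scheme = parse_url ( $url, PHP_URL_SCHEME );
	if (! is_string ( $scheme ) || ! in_array ( strtolower ( $scheme ), array ( 'http', 'https' ), true )) {
		APIDie ( 403, $url . ":" . "Bad url" );
	}

	$fext = getExt ( $url );
	if (! in_array ( $fext, $fileTypes, true )) {
		APIDie ( 403, $url . ":" . "Bad url" );
	}

	// Preset status in case the script is cut off while fetching; APIDie() replaces it on every handled path.
	header ( "HTTP/1.1 408 Request timeout" );

	// The client's User-Agent is forwarded; it may be absent, and line breaks are
	// removed so it cannot add header lines to the outgoing request.
	$userAgent = isset ( $_SERVER ['HTTP_USER_AGENT'] ) ? $_SERVER ['HTTP_USER_AGENT'] : '';
	$userAgent = str_replace ( array ( "\r", "\n" ), '', $userAgent );
	$opts = array (
			'http' => array (
					'method' => "GET",
					'user_agent' => $userAgent
			)
	);
	$context = stream_context_create ( $opts );

	// Read at most one byte more than the limit: enough to detect an oversized
	// body without buffering an arbitrarily large download in memory.
	$data = file_get_contents ( $url, false, $context, 0, MAXImgSize + 1 );
	if ($data === false || $data === '') {
		APIDie ( 403, "Failed to fetch " . $url );
	}
	if (strlen ( $data ) > MAXImgSize) {
		APIDie ( 403, 'File Too Large' );
	}
	// APIUpload() ends the request, so upload mode below is never reached from here.
	APIUpload ( $fext, false, $data );
}

// --- Upload mode: the image arrives as multipart field "image" --------------
// A field sent as image[] makes 'name' an array; that is not a valid call.
if (! isset ( $_FILES ["image"] ["name"] ) || ! is_string ( $_FILES ["image"] ["name"] )) {
	APIDie ( 403, "Bad API Call" );
}

// The extension comes from the client-supplied file name; the file content is not inspected here.
$fileParts = pathinfo ( $_FILES ["image"] ['name'] );
$fext = isset ( $fileParts ['extension'] ) ? strtolower ( $fileParts ['extension'] ) : '';

if (! in_array ( $fext, $fileTypes, true )) {
	APIDie ( 403, 'Invalid File' );
}
if ($_FILES ["image"] ["size"] > MAXImgSize) {
	APIDie ( 403, 'File Too Large' );
}
if ($_FILES ["image"] ["error"] > 0) {
	APIDie ( 500, "Error Code: " . $_FILES ["image"] ["error"] );
}
APIUpload ( $fext );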

?>
